Log Server

I've been asked to create a log server and save customers' activity to it.

What type of software do I need to get this job done?

I have to keep the activity based on specific IP address and by PPPoE username.

Any help about such a thing, which is new to me, is appreciated.

Thanks

Anyone?

You have at least two options:

  • do your authentication in an external RADIUS server (e.g. freeradius) and let it save accounting data
  • set up an external log server to save logging and analyze the saved logs

The easiest option is to use a Linux system and the already installed syslog server (enable network logging)
plus existing tools to analyze text files.

See my post here:
http://forum.mikrotik.com/t/using-splunk-to-analyse-mikrotik-logs/105668/1

There are other free tools like Graylog, but Splunk is in my opinion the best. And if you stay under 500MB per day, it's free.

I already have a RADIUS server; I am using the SAS Radius.

I heard Splunk is good but costs very much to buy.

500MB per day, I do not know if that is enough, as I never installed such a system before; that is why I am having a hard time figuring this out.

500MB is quite a big log file.
I have some MikroTiks, Windows server, Linux server, IP phone, some Axis cameras, UPS and some other systems.
All are logged in to Splunk.

When you install, you get the full version for one month, to test all functions. After that you convert it to the free license.
You only need to create an account (free, no credit card), download the software and install it on Windows or Linux.
https://www.splunk.com/en_us/products/splunk-enterprise.html

OK, thanks, I will look more at it. Also, have you tried Paessler, which contains a log sensor? There is also ManageEngine and Kiwi Syslog.

From experience, which is best and more stable?
As I am a small, growing ISP, there is no room for failures or freezing or problems.

Splunk is the de facto log correlation tool to use. 500MByte/day is the free limit. Total data is another story.
Other open-source alternatives are emerging…

Yup, you are right. Looking for total data, and logs must be kept for a long time; each PPPoE request must be kept, so imagine the size of the daily log file if you have about 300 customers.

And just to say, to get the job done if correlation of many logs and making meta statistics is not the use case: here I read "save logs for one customer".

apt-get install syslog, point your routers to that and you are done. Having log data is the first step.
Managing log data lifetime is another.
Taking multiple sources of data and correlating the data to get meta: here Splunk excels, and that is what it is actually for.

What about Paessler and ManageEngine, Graylog and Kiwi Syslog, are they capable of doing the job?
Looking specifically at Paessler and ManageEngine, as both are capable of doing more, such as logging and network and bandwidth monitoring at the same time.
I am not talking about price, discussing the best option for keeping logs for about 1 year.
"By the way, do you have an idea how much space approximately I need per day for Traffic, IP and DATA Log?"

Just to be a bit clearer about the 500MB/day limit on Splunk:
You can store as much data as you like, as long as it does not pass 500MB/day.
The more disk you have, the more data you can store for a longer time.

But you can pass 500MB/day 3 times in a specific period (not sure if it is a 30-day period).
This is good to have when adding a new device or installing a new Splunk server.
It then can get all the historical logs, passing the 500MB/day limit.
After this you run the system normally and keep the data below 500MB/day.

For MikroTik it depends on what you log. If you log every firewall rule, every NAT etc., it will grow in size.

Since it is free, you can test it out and see if it's OK for you.
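As an added example that is not part of this thread (none of the posters' code or products), the Python script below shows what the "point your routers at a syslog server" setup from the earlier post actually leaves you with, and how to answer the two questions raised in the thread from it: which PPPoE username held a given IP address at a given time, and roughly how much accounting log space per day a customer base produces. The log lines are constructed in the style a MikroTik router sends to a remote syslog, as the receiving syslog daemon would write them (timestamp, router address, MikroTik topics, message). The order of the counters in the "logged out" line (uptime, bytes in, bytes out, packets in, packets out) and the year (syslog timestamps carry none) are assumptions of this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Classic syslog timestamps carry no year; a fixed one is assumed here.
ASSUMED_YEAR = 2024

# Constructed sample of what a central syslog host writes after a MikroTik
# router is pointed at it: "<timestamp> <router address> <topics> <message>".
SAMPLE_LOG = """\
Jan 15 10:22:01 192.168.88.1 pppoe,info,account alice logged in, 10.10.0.23
Jan 15 10:22:05 192.168.88.1 pppoe,info,account bob logged in, 10.10.0.24
Jan 15 11:30:10 192.168.88.1 pppoe,info,account alice logged out, 4089 153200 982300 1200 1500 from 10.10.0.23
Jan 15 11:31:00 192.168.88.1 pppoe,info,account alice logged in, 10.10.0.23
Jan 15 11:35:22 192.168.88.1 firewall,info forward: in:pppoe-bob out:ether1, proto TCP (SYN), 10.10.0.24:51234->203.0.113.9:443, len 60
Jan 15 12:00:00 192.168.88.1 pppoe,info,account bob logged out, 5875 99000 45000 800 700 from 10.10.0.24
"""

PREFIX = r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<router>\S+) pppoe,info,account "
LOGIN_RE = re.compile(PREFIX + r"(?P<user>\S+) logged in, (?P<ip>[\d.]+)$")
# Counter order (uptime, bytes in, bytes out, packets in, packets out) is assumed.
LOGOUT_RE = re.compile(PREFIX + r"(?P<user>\S+) logged out, (?P<uptime>\d+) "
                       r"(?P<bytes_in>\d+) (?P<bytes_out>\d+) \d+ \d+ from (?P<ip>[\d.]+)$")


def parse_ts(text: str) -> datetime:
    return datetime.strptime(f"{ASSUMED_YEAR} {text}", "%Y %b %d %H:%M:%S")


@dataclass
class Session:
    user: str
    ip: str
    router: str
    start: datetime
    end: Optional[datetime] = None   # None while the session is still up
    bytes_in: int = 0
    bytes_out: int = 0


def parse_sessions(log_text: str) -> list[Session]:
    """Pair 'logged in' / 'logged out' lines into one record per PPPoE session."""
    open_by_key: dict[tuple[str, str], Session] = {}
    sessions: list[Session] = []
    for line in log_text.splitlines():
        if m := LOGIN_RE.match(line):
            s = Session(m["user"], m["ip"], m["router"], parse_ts(m["ts"]))
            open_by_key[(s.user, s.ip)] = s
            sessions.append(s)
        elif m := LOGOUT_RE.match(line):
            end = parse_ts(m["ts"])
            s = open_by_key.pop((m["user"], m["ip"]), None)
            if s is None:
                # Logout whose login predates this file (e.g. after rotation):
                # reconstruct the start from the uptime counter so it is still usable.
                s = Session(m["user"], m["ip"], m["router"],
                            end - timedelta(seconds=int(m["uptime"])))
                sessions.append(s)
            s.end = end
            s.bytes_in = int(m["bytes_in"])
            s.bytes_out = int(m["bytes_out"])
    return sessions


def who_had_ip(sessions: list[Session], ip: str, at: datetime) -> Optional[str]:
    """The abuse-desk lookup: which PPPoE username held `ip` at time `at`?"""
    for s in sessions:
        if s.ip == ip and s.start <= at and (s.end is None or at < s.end):
            return s.user
    return None


def sessions_by_user(sessions: list[Session]) -> dict[str, list[Session]]:
    index: dict[str, list[Session]] = defaultdict(list)
    for s in sessions:
        index[s.user].append(s)
    return dict(index)


def estimate_daily_bytes(log_text: str, customers: int, sessions_per_day: int) -> int:
    """Project accounting-only log volume from the average account line size seen."""
    account_lines = [l for l in log_text.splitlines() if "pppoe,info,account" in l]
    total = sum(len(l) + 1 for l in account_lines)      # +1 for the newline
    # Two lines per session (login and logout); integer maths keeps it exact.
    return total * 2 * customers * sessions_per_day // len(account_lines)


if __name__ == "__main__":
    sessions = parse_sessions(SAMPLE_LOG)
    for s in sessions:
        end = f"{s.end:%H:%M:%S}" if s.end else "(still up)"
        print(f"{s.user:<6} {s.ip:<12} {s.start:%H:%M:%S} -> {end} "
              f"in={s.bytes_in} out={s.bytes_out}")
    print("held 10.10.0.23 at 11:00:", who_had_ip(sessions, "10.10.0.23", parse_ts("Jan 15 11:00:00")))
    print("accounting bytes/day, 300 customers x 4 sessions:", estimate_daily_bytes(SAMPLE_LOG, 300, 4))
```

The per-IP lookup is the question a complaint about an address turns into, which is why the session record keeps both the username and the address with start and end times; a login with no matching logout is left open rather than dropped, and a logout with no matching login is reconstructed from its uptime counter so that log rotation does not lose the record. The size estimate covers only the PPPoE accounting lines, which is why it comes out tiny for 300 customers; firewall or NAT logging, as noted in the post above, is what makes the daily volume grow.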


Kiwi Syslog Server is more just like a collector for messages.
Graylog is like Splunk light. If 500MB/day is OK, go for Splunk; if not, Graylog would do.